Learn About the Latest VMware Cloud Foundation 5.1 on Dell VxRail 8.0.200 Release
Tue, 05 Dec 2023 17:06:36 -0000|
Read Time: 0 minutes
Pairing more configuration flexibility with more integrated automation delivers even more simplified outcomes to meet more business needs!
More is what sums up this latest Cloud Foundation on VxRail release! This new release is based on the latest software bill of materials (BOM) featuring vSphere 8.0 U2, vSAN 8.0 U2, and NSX 4.1.2. Read on for more details.…
Operations and serviceability user experience updates
SDDC Manager WFO UI custom host networking configuration enhancements
With this enhancement, the administrator can configure networking of a new workload domain or VxRail cluster using either “Default” VxRail Network Profiles or a “Custom” Network Profile configuration. Cloud Foundation on VxRail already supports the ability for administrators to deploy custom host networking configurations using the SDDC Manager WFO API deployment method, however this new feature now brings this support to the SDDC Manager WFO UI deployment method, making it even easier to operationalize.
The following demo walks through using the SDDC Manager WFO UI to create a new workload domain with a VxRail cluster that is configured with vSAN ESA and VxRail vLCM mode enabled and a custom network profile.
New VCF Infrastructure as Code (IaC) tooling with new Terraform VCF Provider and PowerCLI VCF Module
Infrastructure teams can now utilize the Terraform Provider for VCF and the VCF module that is now integrated into VMware’s official PowerCLI tool to perform Infrastructure-as-code (IaC), allowing them to deploy, manage, and operate VMware Cloud Foundation on VxRail deployments.
By using prebuilt IaC best practices code that is designed to take advantage of interfacing with a single VCF API, IaC teams are able to perform infrastructure provisioning tasks that can accelerate IaC usage and lessen the burden to develop and maintain code for individual infrastructure components intended to deliver similar outcomes.
Important Note: Not all operations using these tools may be supported in Cloud Foundation on VxRail. Please refer to tool documentation links at the bottom of this post for details.
Day 1 VxRail vLCM mode compatibility for management and workload domains
VMware Cloud Foundation 5.1 on VxRail 8.0.200 now supports the configuration and deployment of new domains using vSphere Lifecycle Manager Images (vLCM) enabled VxRail clusters, depicted in figure 1. VxRail vLCM enabled clusters can leverage VxRail Manager to unify not only your ESXi Image but also your BIOS/firmware/drivers through a single update process, all controlled/orchestrated by VxRail Manager using the integrated SDDC Manager’s native LCM operations experience via VxRail APIs. VxRail clusters will have their VxRail Continuously Validated State image managed at the cluster level by VxRail Manager just like in VxRail standard LCM mode enabled clusters.
Figure 1. High-level VxRail vLCM mode architecture
Mixed-mode support for workload domains as a steady state
Existing VMware Cloud Foundation 5.x on VxRail 8.x deployments now allow administrators to run workload domains of different VCF 5.x versions as a “steady state”. Administrators can now update the management domain and any other workload domain of a VCF 5.0 deployment to the latest VCF 5.x version without the need to upgrade all workload domains. Mixed-mode support also allows administrators to leverage the benefits of new SDDC Manager features in the management domain without having to upgrade a full VCF 5.x on VxRail 8.x instance.
Asynchronous download support for SDDC Manager update precheck files
SDDC Manager update precheck files can now be downloaded and updated asynchronously from full release updates, an addition to similar async VxRail specific precheck file updates that already exist within VxRail Manager. This feature allows administrators to download, deploy, and run SDDC Manager update prechecks tailored to a specific VMware Cloud Foundation on VxRail releases. SDDC Manager precheck files are created by VMware engineering and contain detailed checks for SDDC Manager to run prior to upgrading to a newer VCF on VxRail target release, as shown in the following figure.
Figure 2. High-level process of asynchronous download support for SDDC Manager update precheck files
Support for the separation of DvPG for management appliances and ESXi host (VMKernel) management
Prior to this release, the default networking topology deployed by VMware Cloud Foundation on VxRail consisted of ESXi host management interfaces (vmkernel interface) and management components (vCenter server, SDDC Manager, NSX components, VxRail Manager, etc.) being applied to the same Distributed Virtual Port Group (DvPG). This new DvPG separation feature enables traffic isolation between management component VMs and ESXi Host Management vmkernel Interfaces, helping align to an organization’s desired security posture. Figure 3 illustrates this new configuration architecture.
Figure 3. New DvPG architecture
Configure custom NSX Edge cluster without 2-tier routing (via API)
VMware Cloud Foundation 5.1 on VxRail 8.0.200 now provides the option to deploy a custom NSX Edge cluster without the need to configure both a Tier-0 and Tier-1 gateway. These types of NSX Edge cluster deployments can be configured using the SDDC Manager (API only).
Static IP-based NSX Tunnel End Point and Sub Transport Node Profile assignment support for L3 aware clusters and L2/L3 vSAN stretched clusters
VxRail stretched clusters that are deployed using vSAN OSA can now be configured with vLCM mode enabled. In addition, administrators can now configure NSX Host TEPs to utilize a NSX static IP pool and no longer need to manually maintain an external DHCP server to support Layer 3 vSAN OSA stretched clusters, as illustrated in the following figure.
Figure 4. TEP Configuration Flexibility Example for vSAN Stretched Clusters
Building off these capabilities, deployments of VxRail stretched clusters with vSAN OSA which are configured using static IP Pools can now also leverage Sub-Transport Node Profiles (Sub-TNP), a feature introduced with NSX-T 3.2.2 and NSX 4.1.
Sub-TNPs can be used to prepare clusters of hosts without L2 adjacency to the Host TEP VLAN. This is useful for customers with rack-based IP schemas and allows Host TEP IPs to be configured on their own separate networks. Configuring vSAN stretched clusters using NSX Sub-TNP provides increased security, allowing administrators to enable and configure Distributed Malware Prevention and Detection. An example of this is depicted in the following figure.
Figure 5. Sub-TNP vSAN L3 Stretched Cluster Configuration Example
Note: Stretched VxRail with vSAN ESA clusters are not yet supported.
Support for multiple VDS for NSX host networking configurations
This release now provides the option to configure multiple VDS for NSX through the SDDC Manager WFO UI and WFO API.
Administrators can now configure additional VxRail host VDS prepared for NSX (VDS for NSX) to configure using VLAN Transport Zones (VLAN TZs), as shown in the following figure. This provides administrators the added benefit of configuring NSX Distributed Firewall (DFW) for workloads in VLAN transport zones, allowing security to be more granular. These capabilities further simplify the configuration of advanced networking and security for Cloud Foundation on VxRail.
Figure 6. Configuring additional VxRail host VDS for NSX to configure using VLAN TZs
Security and access updates
OKTA SSO identity federation support
VMware Cloud Foundation 5.1 on VxRail 8.0.200 now supports the option to configure the VMware Identity Broker for federation using Okta (3rd party IDP). Once configured, federated users can seamlessly move between vCenter Server and NSX Manager consoles without being prompted to re-authenticate.
vSAN OSA/ESA support for management and workload domain VxRail clusters
VMware Cloud Foundation 5.1 on VxRail 8.0.200 adds support for both vSAN OSA-based and vSAN ESA-based VxRail clusters when deploying a new management domain (greenfield VCF on VxRail instance) and new workload domains/clusters in VCF on VxRail instances that have been upgraded to this latest release. VCF requires that vSAN ESA-based cluster deployments have vLCM mode enabled. Also, as of this release, only 15th generation VxRail vSAN ESA compatible hardware platforms are supported. 16th generation VxRail platform support is planned for a future release.
Support for vSAN OSA/ESA remote datastores as principal storage when used with VxRail dynamic node workload domain clusters
This release adds support of VxRail dynamic node compute-only clusters in cross cluster capacity sharing use cases. This means that vSAN OSA or ESA remote datastores sourced from a standard VxRail HCI cluster with vSAN within the same workload domain can now be used as principal storage for VxRail dynamic node- compute only workload domain clusters. This capability is available via the SDDC Manager WFO script deployment method only.
Platform and scale updates
Increased VCF remote cluster maximum support for up to 16 nodes and up to 150ms latency
There are new validated updates to the maximum supported latency requirements for use of VCF remote clusters. These links now require 10 Mbps of bandwidth available and a latency less than 150ms.
There have also been updates regarding VCF remote cluster size scalability ranges. A VCF remote cluster now requires a minimum of 3 hosts when using local vSAN as cluster principal storage or 2 hosts when using supported Dell external storage principal storage with VxRail dynamic nodes. On the max scale limit side, VCF remote clusters cannot exceed the new maximum of 16 VxRail hosts in either case.
Note: Support for this feature is expected to be available after GA.
Support for 2-node workload domain VxRail dynamic node clusters when using VMFS on FC Dell external storage as principal storage
Cloud Foundation on VxRail now supports the ability to deploy 2-node dynamic node-based workload domain clusters when using VMFS on FC Dell external storage as cluster Principal storage.
Increased GPU scale for Private AI
Nvidia GPUs can be configured for AI / ML to support a variety of different use cases. In VMware Cloud Foundation 5.1 on VxRail 8.0.200, where GPUs have been configured for vGPUs, a VM can now be configured with up to 16 vGPU profiles that represent all of a GPU or parts of a GPU. These enhancements allow customers to support larger Generative AI and large-language model (LLM) workloads while delivering maximum performance.
VxRail hardware platform updates
15th generation VxRail E660N and P670N all-NVMe vSAN ESA hardware platform support
Cloud Foundation on VxRail administrators can now use VxRail hardware platforms that have been qualified to run vSAN ESA and VxRail 8.0.200 software. The all-NVMe VxRail platforms such as the 15th generation VxRail E660N and P670N can now be ordered and deployed in Cloud Foundation 5.1 on VxRail 8.0.200 environments.
Hybrid cloud management updates
VCF mixed licensing mode support
VMware Cloud Foundation 5.1 on VxRail 8.0.200 introduces support for both Key-based and Keyless licensing for existing deployments, as illustrated in the following figure.
To enable the deployment, the management domain must first be cloud connected and subscribed. Once complete, enhanced SDDC Manager workflows allow administrators the option to license a new workload domain using Keyless licenses (cloud connected subscription) or Key-based licenses (perpetual or cloud disconnected subscription). This deployment scenario is referred to as Mixed Licensing Mode. All licensing used within a domain must be homogenous, meaning all components within a domain must use either a Key-based or Keyless license and not a combination thereof.
Figure 7. Understanding Key-based and Keyless licensing for existing deployments
VMware Cloud Disaster Recovery service for VCF cloud connected subscription deployments
VMware Cloud Foundation on VxRail cloud connected subscriptions now support VMware Cloud Disaster Recovery (VCDR) as an add-on service through the VMware Cloud Portal.
Other asynchronous release-independent related updates
VMware redefines Cloud Foundation product lifecycle policies
The product lifecycle policies for new and existing VMware Cloud Foundation releases have been redefined by VMware. VCF on VxRail product lifecycle policies align with VMware’s VCF product lifecycle policy.
End of General Support for VCF 5.x is now four (4) years from the original VCF 5.0 launch date. This change allows IT teams to run their VMware Cloud Foundation on VxRail deployments for longer before planning an upgrade, providing more control for IT organizations to adopt a cloud operating model that evolves at the pace of their business.
Well, there you have it! Another release in the books. If you want even more information beyond what was discussed here, feel free to check out the resources linked below. See you next time!
- VxRail product page
- VxRail Info Hub page
- VxRail Videos
- VMware Cloud Foundation on Dell VxRail Release Notes
- VCF on VxRail Interactive Demo
- VMware Product Lifecycle Matrix
- Terraform Provider for VCF
- PowerCLI VCF Module
Author: Jason Marques
Related Blog Posts
What’s New: VMware Cloud Foundation 4.5.1 on Dell VxRail 7.0.450 Release and More!
Thu, 11 May 2023 15:55:52 -0000|
Read Time: 0 minutes
This latest Cloud Foundation (VCF) on VxRail release includes updated versions of software BOM components, a bunch of new VxRail platform enhancements, and some good ol’ under-the-hood improvements that lay the groundwork for future features designed to deliver an even better customer experience. Read on for the highlights…
VCF on VxRail operations and serviceability enhancements
View Nvidia GPU hardware details in VxRail Manager vCenter plugin ‘Physical View’ and VxRail API
Leveraging the power of GPU acceleration with VCF on VxRail delivers a lot of value to organizations looking to harness the power of their data. VCF on VxRail makes operationalizing infrastructure with Nvidia GPUs easier with native GPU visualization and details using the VxRail Manager vCenter Plugin ‘Physical View’ and VxRail API. Administrators can quickly gain deeper-level hardware insights into the health and details of the Nvidia GPUs running on their VxRail nodes, to easily map the hardware layer to the virtual layer, and to help improve infrastructure management and serviceability operations.
Figure 1 shows what this looks like.
Figure 1. Nvidia GPU visualization and details – VxRail vCenter Plugin ‘Physical View’ UI
Support for the capturing, displaying, and proactive Dell dial home alerting for new VxRail iDRAC system events and alarms
Introduced in VxRail 7.0.450 and available in VCF 4.5.1 on VxRail 7.0.450 are enhancements to VxRail Manager intelligent system health monitoring of iDRAC critical and warning system events. With this new feature, new iDRAC warning and critical system events are captured, and through VxRail Manager integration with both iDRAC and vCenter, alarms are triggered and posted in vCenter.
Customers can view these events and alarms in the native vCenter UI and the VxRail Manager vCenter Plugin Physical View which contains KB article links in the event description to provide added details and guidance on remediation. These new events also trigger call home actions to inform Dell support about the incident.
These improvements are designed to improve the serviceability and support experience for customers of VCF on VxRail. Figures 2 and 3 show these events as they appear in the vCenter UI ‘All Issues’ view and the VxRail Manager vCenter Plugin Physical View UI, respectively.
Figure 2. New iDRAC events displayed in the vCenter UI ‘All Issues’ view
Figure 3. New iDRAC events displayed in the VxRail Manager vCenter Plugin UI ‘Physical View’
Support for the capturing, displaying, and proactive dial home alerting for new iDRAC NIC port down events and alarms
To further improve system serviceability and simplify operations, VxRail 7.0.450 introduces the capturing of new iDRAC system events related to host NIC port link status. These include NIC port down warning events, each of which is indicated by a NIC100 event code and a ‘NIC port is started/up’ info event.
A NIC100 event indicates either that a network cable is not connected, or that the network device is not working.
A NIC101 event indicates that the transition from a network link ‘down’ state to a network link ‘started’ or ‘up’ state has been detected on the corresponding NIC port.
VxRail Manager now creates new VxM events that track these NIC port states.
As a result, users can be alerted through an alarm in vCenter when a NIC port is down. VxRail Manager will also generate a dial-home event when a NIC port is down. When the condition is no longer present, VxRail Manager will automatically clear the alarm by generating a clear-alarm event.
Finally, to reduce the number of false positive events and prevent unnecessary alarm and dial home events, VxRail Manager implements an intelligent throttling mechanism to handle situations in which false positive alarms related to network maintenance activities could occur. This makes the alarms/events that are triggered more credible for an admin to act against.
Table 1 contains a summary of the details of these two events and the VxRail Manager serviceability behavior.
Table 1. iDRAC NIC port down and started event and behavior details
Let’s double click on this serviceability behavior in a bit more detail.
Figure 4 depicts the behavior process flow VxRail Manager takes when iDRAC discovers and triggers a NIC port down system event. Let’s walk through the details now:
1. The first thing that occurs is that iDRAC discovers that the NIC port state has gone down and triggers a NIC port down event.
2. Next, iDRAC will send that event to VxRail Manager.
3. At this stage VxRail Manager will validate how long the NIC port down event has been active and check whether a NIC port started (or up) event has been triggered within a 30-minute time frame since the original NIC port down event occurred. With this check, if there has not been a NIC port started event triggered, VxRail Manager will begin throttling NIC port down event communication in order to prevent duplicate alerts about the same event.
If during the 30-minute window, a NIC port started event has been detected, VxRail Manager will cease throttling and clear the event.
4. When the VxRail Manager event throttling state is active, VxRail Manager will log it in its event history.
5. VxRail Manager will then trigger a vCenter alarm and post the event to vCenter.
6. Finally, VxRail Manager will trigger a NIC port down dial home event communication to backend Dell Support Systems, if connected.
Figure 4. Processing VxRail NIC port down events, and VxRail Manager throttling logic
Figure 5 shows what this looks like in the vCenter UI.
Figure 5. VxRail NIC port down trigger alarm in vCenter UI
Figure 6 shows what this looks like in the VxRail Manager vCenter Plugin ‘Physical View’ UI.
Figure 6. VxRail Manager vCenter Plugin ‘Physical View’ UI view of a VxRail NIC port down event
VCF on VxRail storage updates
Support for new PowerMax 2500 and 8500 storage arrays with VxRail 14G and 15G dynamic nodes using VMFS on FC principal storage
Starting in VCF 4.5.1 on VxRail 7.0.450, support has been added for the latest next gen Dell PowerMax 2500 and 8500 storage systems as VMFS on FC principal storage when deployed with 14G and 15G VxRail dynamic node clusters in VI workload domains.
Figure 7 lists the Dell storage arrays that support VxRail dynamic node clusters using VMFS on FC principal storage for VCF on VxRail, along with the corresponding supported FC HBA makes and models.
Note: Compatible supported array firmware and software versions are published in the Dell E-Lab Support Matrix for reference.
Figure 7. Supported Dell storage arrays used as VMFS on FC principal storage
VCF on VxRail lifecycle management enhancements
VCF Async Patch Tool 18.104.22.168 update
This tool addresses both LCM and security areas. Although it is not officially a feature of any specific VCF on VxRail release, it does get released asynchronously (pun intended) and is designed for use in VCF and VCF on VxRail environments. Thus, it deserves a call out.
For some background, the VCF Async Patch Tool is a new CLI based tool that allows cloud admins to apply individual component out-of-band security patches to their VCF on VxRail environment, separately from an official VCF LCM update release. This enables organizations to address security vulnerabilities faster without having to wait for a full VCF release update. It also allows admins to install these patches themselves without needing to engage support resources to get them applied manually.
With this latest AP Tool 22.214.171.124 release, the AP Tool now supports the ability to use patch VxRail (which includes all of the components in a VxRail update bundle including VxRail Manager and ESXi software components, and VxRail HW firmware/drivers) within VCF on VxRail environments. This is a great addition to the tool’s initial support for patching vCenter and NSX Manager in its first release. VCF on VxRail customers now have a centralized and standardized process for applying security patches for core VCF and VxRail software and core VxRail HCI stack hardware components (such as server BIOS or pNIC firmware/driver for example), all in a simple and integrated manner that VCF on VxRail customers have come to expect from a jointly engineered integrated turnkey hybrid cloud platform.
Note: Hardware patching is made possible due to how VxRail implements HW updates with the core VxRail update bundle. All VxRail patches for VxRail Manager, ESXi, and HW components are delivered in a the VxRail update bundle and leveraged by the AP Tool to apply.
From an operational standpoint, when patches for the respective software and hardware components have been applied, and a new VCF on VxRail BOM update is available that includes the security fixes, admins can use the tool to download the latest VCF on VxRail LCM release bundles and upgrade their environment back to an official in-band VCF on VxRail release BOM. After that, admins can continue to use the native SDDC Manager LCM workflow process for applying additional VCF on VxRail upgrades. Figure 8 highlights this process at a high level.
Figure 8. Async Patch Tool overview
In this latest release, the new features and platform improvements help set the stage for even more innovation in the future. For more details about bug fixes in this release, see VMware Cloud Foundation on Dell VxRail Release Notes. For this and other Cloud Foundation on VxRail information, see the following additional resources.
Author: Jason Marques
- VMware Cloud Foundation on Dell VxRail Release Notes
- VxRail page on DellTechnologies.com
- VxRail Info Hub
- VCF on VxRail Interactive Demo
Announcing VMware Cloud Foundation 5.0 on Dell VxRail 8.0.100
Thu, 22 Jun 2023 13:00:59 -0000|
Read Time: 0 minutes
A more flexible and scalable hybrid cloud platform with simpler upgrades from previous releases
The latest release of the co-engineered turnkey hybrid cloud platform is now available, and I wanted to take this great opportunity to discuss its enhancements.
Many new features are included in this major release, including support for the latest VCF and VxRail software component versions based on the latest vSphere 8.0 U1 virtualization platform generation, and more. Read on for the details!
In-place upgrade lifecycle management enhancements
Support for automated in-place upgrades from VCF 4.3.x and higher to VCF 5.0
This is the most significant feature our customers have been waiting for. In the past, due to significant architectural changes between major VCF releases and their SDDC components (such as NSX), a migration was required to move from one major version to the next. (Moving from VCF 4.x to VCF 5.x is considered a major version upgrade.) In this release, this type of upgrade is now drastically improved.
After the SDDC Manager has been upgraded to version 5.0 (by downloading the latest SDDC Manager update bundle and performing an in-place automated SDDC Manager orchestrated LCM update operation), an administrator can follow the new built-in SDDC Manager in-place upgrade workflow. The workflow is designed to assist in upgrading the environment without needing any migrations. Domains and clusters can be upgraded sequentially or in parallel. This reduces the number and duration of maintenance windows, allowing administrators to complete an upgrade in less time. Also, VI domain skip-level upgrade support allows customers to run VCF 4.3.x or VCF 4.4.x BOMs in their domains to streamline their upgrade path to VCF 5.0, by skipping intermediary VCF 4.4.x and 4.5.x versions respectively. All this is performed automatically as part of the native SDDC Manager LCM workflows.
What does this look like from the VCF on VxRail administrator’s perspective? The administrator is first notified that a new SDDC Manager 5.0 upgrade is available. Administrators will be guided first to update their SDDC Manager instance to version 5.0. With SDDC Manager 5.0 in place, administrators can take advantage of the new enhancements which streamline the in-place upgrade process that can be used for the remaining components in the environment. These enhancements follow VMware best practices, reduce risk, and allow administrators to upgrade the full stack of the platform in a staged manner. These enhancements include:
- Context aware prechecks
- vRealize Suite prechecks
- Config drift awareness
- vCenter Server migration workflow
- Licensing update workflow
The following image highlights part of the new upgrade experience from the SDDC Manager UI. First, on the updates tab for a given domain, we can see the availability of the upgrade from VCF 4.5.1 to VCF 5.0.0 on VxRail 8.0.100 (Note: In this example, the first upgrade bundle for the SDDC Manager 5.0 was already applied.)
When the administrator clicks View Bundles, SDDC Manager displays a high-level workflow that highlights the upgrade bundles that would be applied, and in which order.
To see the in-place upgrade in action, check out the following demo:
Now let’s dive a little deeper into the upgrade workflow steps. The following diagram depicts the end-to-end workflow for performing an in-place LCM upgrade from VCF 4.3.x/4.4.x/4.5.x to VCF 5.0 for the management domain.
The in-place upgrade workflow for the management domain consists of the following six steps:
- Plan and prepare by ensuring all important prerequisites are met (for example, the minimum supported VCF on VxRail version for an in-place upgrade is validated, in-place upgrade supported topologies are being used, and so on).
- Run an update precheck and resolve any issues before starting the upgrade process.
- Download the VMware Cloud Foundation and VxRail Upgrade Bundles from the Online Depot within SDDC Manager using a MyVMware account and a Dell support online depot account respectively.
- Upgrade components using the automated guided workflow, including SDDC Manager, NSX-T Data Center, vCenter Server for VCF, and VxRail hosts.
- Apply configuration drifts, which capture required configuration changes between release versions.
- When the upgrade is completed, update component licensing using the built-in SDDC Manager workflow (only applicable for VCF instances deployed using perpetual licensing).
Upgrading workload domains follows a similar workflow.
If performed manually, the in-place upgrade process to VCF 5.0 on VxRail 8.0.100 from previous releases would be potentially error-prone and time-consuming. The guided, simplified, and automated experience now provided in SDDC Manager 5.0 greatly reduces the effort and risk for customers, by helping them perform this operation in a fully controlled, guided, and automated manner on their own, providing a much better user experience and better value.
SDDC Manager context aware prechecks
Keeping a large-scale cloud environment in a healthy, well-managed state is very important to achieve the desired service levels and increase the success rate of LCM operations. In SDDC Manager 5.0, prechecks have been further enhanced and are now context aware. But what does this mean?
Before performing the upgrade, administrators can choose to run a precheck against a specific VCF release (“Target Version”) or run a “General Update Readiness” precheck. Each type of precheck allows the administrator to select the specific VCF on VxRail objects to run the precheck on. For example, an administrator can run it against an entire domain, a VxRail cluster, or even an individual SDDC software component such as NSX and vRealize/Aria Suite components. For example, a precheck can be run at a per-VxRail cluster level, which might be useful for large workload domains configured with multiple clusters. It could reduce planned maintenance windows by updating components of the domain separately.
But what is the difference between the “Target Version” and “General Upgrade Readiness” precheck types? Let me explain:
- Target Version precheck - Prechecks for a specific “Target Version” will run prechecks related to the components between the source and target VCF on VxRail release. (Note that the drop-down in the SDDC Manager UI will only show target versions from VCF 5.x on VxRail 8.x after the SDDC Manager has been updated to 5.0). This feature reduces the risk of issues during the upgrade to the target VCF release.
- General Upgrade Readiness precheck - The “General Upgrade Readiness” precheck can be run any time to plan and assess upgrade readiness without triggering the upgrade. The “General Upgrade Readiness” precheck can periodically run as a health check on a given SDDC component.
The following screenshot shows what this feature looks like from the system administrator perspective in the SDDC Manager UI:
Platform security and scalability enhancements
Isolated domains with individual SSO
Another significant new feature I’d like to highlight is the introduction of Isolated workload domains. This has a significant impact on both the security and scalability of the platform.
In the past, VMware Cloud Foundation 4.x deployments by design have been configured to use a single SSO instance shared between the management domain and all VI workload domains (WLDs). All WLDs’ vCenter Servers are connected to each other using Enhanced Linked Mode (ELM). After a user is logged into SDDC Manager, ELM provides seamless access to all the products in the stack without being challenged to authenticate again.
VCF 5.0 on VxRail 8.0.100 deployments allow administrators to configure new workload domains using separate SSO instances. These are known as Isolated domains. This capability can be very useful, especially for Managed Service Providers (MSPs) who can allocate Isolated workload domains to different tenants with their own SSO domains for better security and separation between the tenant environments. Each Isolated SSO domain within VCF 5.0 on VxRail 8.0.100 is also configured with its own NSX instance.
As a positive side effect of this new design, the maximum number of supported domains per VCF on VxRail instance has now been increased to 25 (this includes the management domain and assumes all workload domains are deployed as isolated domains). This scalability enhancement results from not hitting the max number of vCenters configured in an ELM instance (which is 15) because Isolated domains are not configured with ELM with the management SSO domain. So, increasing the security and separation between the workload domains can also increase the overall scalability of the VCF on VxRail cloud platform.
The following diagram illustrates how customers can increase the scalability of the VCF on VxRail platform by adding isolated domains with their dedicated SSO:
What does this new feature look like from the VCF on VxRail administrator’s perspective?
When creating a new workload domain, there’s a new option in the UI wizard allowing either to join the new WLD into the management SSO domain or create a new SSO domain:
After the SSO domain is created, its information is shown in the workload domain summary screen:
General LCM updates
VxRail accurate versioning support and SDDC Manager ‘Release Versions’ UI and API enhancements
These two features should be discussed together. Beginning in VCF 5.0 on VxRail 8.0.100 and higher, enhancements were made to the SDDC Manager LCM service that enables more granular compatibility and tracking of current and previous VxRail versions that are compatible with current and previous VCF versions. This opens VCF on VxRail to be more flexible by supporting different VxRail versions within a given VCF release. It allows admins to support applying and tracking asynchronous VxRail release patches outside of the 1:1 mapped, fully compatible VCF on VxRail release that could require waiting for it to be available. This information about available and supported release versions for VCF and VxRail is integrated into the SDDC Manager UI and API.
Flexible WLD target versions
VCF 5.0 on VxRail 8.0.100 introduces the ability for each workload domain to have different versions as far back as N-2 releases, where N is the current version on the management domain. With this new flexibility, VCF on VxRail administrators are not forced to upgrade workload domain versions to match the management domain immediately. In the context of VCF 5.0 on VxRail 8.0.100, this can help admins plan upgrades over a long period of time when maintenance windows are tight.
SDDC Manager config drift awareness
Each VMware Cloud Foundation release introduces several new features and configuration changes to its underlying components. Update bundles contain these configuration changes to ensure an upgraded VCF on VxRail instance will function like a greenfield deployment of the same version. Configuration drift awareness allows administrators to view parameters and configuration changes as part of the upgrade. An example of configuration drift is adding a new service account or ESXi lockdown enhancement. This added visibility helps customers better understand new features and capabilities and their impact on their deployments.
The following screenshot shows how this new feature appears to the administrator of the platform:
SDDC Manager prechecks for vRealize/Aria Suite component versions
SDDC Manager 5.0 allows administrators to run a precheck for vRealize/VMware Aria Suite component compatibility. The vRealize/Aria Suite component precheck is run before upgrading core SDDC components (NSX, vCenter Server, and ESXi) to a newer VCF target release, and can be run from VCF 4.3.x on VxRail 7.x and above. The precheck will verify if all existing vRealize/Aria Suite components will be compatible with core SDDC components of a newer VCF target release by checking them against the VMware Product Interoperability Matrix.
General security updates
Enhanced certificate management
VCF 5.0 on VxRail 8.0.100 contains improved workflows that orchestrate the process of configuring Certificate Authorities and Certificate Signing Requests. Administrators can better manage certificates in VMware Cloud Foundation, with improved certificate upload and installation, and new workflows to ensure certificate validity, trust, and proper installation. These new workflows help to reduce configuration time and minimize configuration errors.
Support for NVMe over TCP connected supplemental storage
Supplemental storage can be used to add storage capacity to any domain or cluster within VCF, including the management domain. It is configured as a Day 2 operation. What’s new in VCF 5.0 on VxRail 8.0.100 is the support for the supplemental storage to be connected with the NVMe over TCP protocol.
Administrators can benefit from using NVMe over TCP storage in a standard Ethernet-based networking environment. NVMe over TCP can be more cost-efficient than NVMe over FC and eliminates the need to deploy and manage a fiber channel fabric if that is what an organization requires.
Operations and serviceability updates
VMware Cloud Foundation+ has been enhanced for the VCF 5.0 release, allowing greater scale and integrated lifecycle management. First, the scalability increased – it allows administrators to connect up to eight domains per VCF instance (including the management domain) to the VMware Cloud portal. Second, updates to the Lifecycle Notification Service within the VMware Cloud portal provide visibility of pending updates to any component within the VCF+ Inventory. Administrators can initiate updates through the VCF+ Lifecycle Management Notification Service, which connects back to the specific SDDC Manager instance to be updated. From here, administrators can use familiar SDDC Manager prechecks and workflows to update their environment.
VxRail hardware platform updates
Support for single socket 15G VxRail P670F
A new VxRail hardware platform is now supported, providing customers more flexibility and choice. The single-socket VxRail P670F, a performance-focused platform, is now supported in VCF on VxRail deployments and can offer customers savings on software licensing in specific scenarios.
Other asynchronous release related updates
VCF Async Patch Tool 126.96.36.199 release
While not directly tied to VCF 5.0 on VxRail 8.0.100 release, VMware has also released the latest version of the VCF Async Patch Tool. This latest version now supports applying patches to VCF 5.0 on VxRail 8.0.100 environments.
VMware Cloud Foundation 5.0 on Dell VxRail 8.0.100 is a new major platform release based on the latest generation of VMware’s vSphere 8 hypervisor. It provides several exciting new capabilities, especially around automated upgrades and lifecycle management. This is the first major release that provides guided, simplified upgrades between the major releases directly in the SDDC Manager UI, offering a much better experience and more value for customers.
All of this makes the new VCF on VxRail release a more flexible and scalable hybrid cloud platform, with simpler upgrades from previous releases, and lays the foundation for even more beneficial features to come.
Author: Karol Boguniewicz, Senior Principal Engineering Technologist, VxRail Technical Marketing